﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using ZSZ.CommonMVC;
using ZSZ.DTO;
using ZSZ.IService;

namespace ZSZ.Website.Areas.WebAdmin.Filters
{
    public class AdminAuthorizeAttribute : AuthorizeAttribute
    {
        public bool IsCheck { get; set; }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            //base.OnAuthorization(filterContext);

            //不验证
            if (!IsCheck)
            {
                return;
            }

            //得到当前登录用户的id
            long? userId = (long?)filterContext.HttpContext.Session["LoginUserId"];
            if (userId == null)//连登录都没有，就不能访问
            {
                //根据不同的请求，给予不同的返回格式。确保ajax请求，浏览器端也能收到json格式
                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    AjaxResult ajaxResult = new AjaxResult();
                    ajaxResult.Status = "redirect";
                    ajaxResult.Data = "/WebAdmin/Home/Login";
                    ajaxResult.ErrorMsg = "没有登录";
                    filterContext.Result = new JsonNetResult { Data = ajaxResult };
                }
                else
                {
                    filterContext.Result = new RedirectResult("~/WebAdmin/Home/Login");
                }
                return;
            }

            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string actionName = filterContext.ActionDescriptor.ActionName;
            string httpMethod = filterContext.HttpContext.Request.HttpMethod;

            #region 特殊权限
            IAdminUserPermissionService adminUserPermissionService = DependencyResolver.Current.GetService<IAdminUserPermissionService>();
            AdminUserPermissionDTO ap = adminUserPermissionService.GetAdminUserPermission(userId.Value, controllerName, actionName, httpMethod);
            if (ap != null)
            {
                if (ap.HasPermission)
                {
                    //允许特殊权限
                    return;
                }
                else
                {
                    //拒绝特殊权限
                    if (filterContext.HttpContext.Request.IsAjaxRequest())
                    {
                        AjaxResult ajaxResult = new AjaxResult();
                        ajaxResult.Status = "error";
                        ajaxResult.ErrorMsg = "暂无操作权限";
                        filterContext.Result = new JsonNetResult { Data = ajaxResult };
                    }
                    else
                    {
                        //TODO:统一错误页面
                        filterContext.Result = new ContentResult { Content = "暂无操作权限" };
                    }
                    return;
                }
            }
            #endregion

            //由于ZSZAuthorizeFilter不是被autofac创建，因此不会自动进行属性的注入
            //需要手动获取Service对象
            IAdminUserService userService = DependencyResolver.Current.GetService<IAdminUserService>();
            //判断当前登录用户是否具有权限
            if (!userService.HasPermission(userId.Value, controllerName, actionName, httpMethod))
            {
                //只要碰到任何一个没有的权限，就禁止访问
                //在IAuthorizationFilter里面，只要修改filterContext.Result 
                //那么真正的Action方法就不会执行了
                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    AjaxResult ajaxResult = new AjaxResult();
                    ajaxResult.Status = "error";
                    ajaxResult.ErrorMsg = "暂无操作权限";
                    filterContext.Result = new JsonNetResult { Data = ajaxResult };
                }
                else
                {
                    //TODO:统一错误页面
                    filterContext.Result = new ContentResult { Content = "暂无操作权限" };
                }
                return;
            }
        }
    }
}